---
title: "Setting Up Xero OAuth App"
description: "Complete guide to creating and configuring a Xero OAuth application"
---

## Prerequisites

- Xero account (personal or business)
- Access to Xero Developer Portal

## Step 1: Create Xero Developer Account

1. Visit [https://developer.xero.com/](https://developer.xero.com/)
2. Click **"Get started for free"** or **"Login"** if you already have an account
3. Sign in with your Xero account or create a new developer account

<img src="/images/knowledge-base/xero_oauth_app/xero_step1_login.png" alt="Xero Developer Login" />

## Step 2: Create a New App

1. Once logged in, go to your developer dashboard
2. Click **"New app"** or **"Create an app"**
3. Choose **"Web App"** as the integration type
4. Fill in the app details:
   - **App name**: Your application name (e.g., your brand name)
   - **Company or application URL**: Your company website
   - **Privacy policy URL**: Your privacy policy URL
   - **Terms of service URL**: Your terms of service URL

<img src="/images/knowledge-base/xero_oauth_app/xero_step2_create_app.png" alt="Xero App Creation Form" />

<Note>
Normally, the redirect URI should be set to: `https://api.klavis.ai/oauth/xero/callback`
</Note>

## Step 3: Configure OAuth Settings

<Note>
Klavis Xero MCP Server uses the following OAuth scopes: `accounting.transactions.read accounting.transactions offline_access`
</Note>

1. **Redirect URIs**: Add your callback URL:
   - `https://api.klavis.ai/oauth/xero/callback`

2. **Scopes**: Select the scopes your application needs:
   - `offline_access` (required for refresh tokens)
   - `accounting.transactions.read` (for reading transaction data)
   - `accounting.transactions` (for transaction operations)
   - Add any additional scopes based on your needs

<img src="/images/knowledge-base/xero_oauth_app/xero_step3_connection_config.png" alt="OAuth Settings and Connection Configuration" />

<Warning>
You can connect up to 25 organisations to uncertified apps. [Read more about uncertified app limits](https://developer.xero.com/guides/oauth2/limits/).
</Warning>

## Step 4: Get Your Credentials

After creating the app, you'll see:
- **Client ID**: Copy this value
- **Client Secret**: Generate and copy this value (keep it secure!)

<Check>
You have successfully created a Xero OAuth application! You now have your Client ID and Client Secret ready for integration with Klavis AI.
</Check>

### Xero Token Expiration
- **Access Tokens**: Expire after 30 minutes
- **Refresh Tokens**: Expire after 60 days (rolling expiration - resets when used)

<Tip>
**Klavis handles all token management automatically** - we refresh your tokens before they expire so you maintain seamless access to your Xero data without any interruption.
</Tip>

## (Optional) Step 5: White Labeling 

<Note>
White labeling allows you to customize the OAuth experience with your own branding instead of Klavis AI's.
</Note>

If you want to use your own Xero OAuth application with custom branding:

1. **Configure White Labeling**: Go to [https://www.klavis.ai/home/white-label](https://www.klavis.ai/home/white-label)
2. **Add Your Credentials**: Enter your Xero **Client ID** and **Client Secret** from Step 4
3. **Set Redirect URI**: Use `https://api.klavis.ai/oauth/xero/callback` or your custom callback URL
4. **Initiate OAuth**: Use your client ID when starting the OAuth flow:

   <CodeGroup>
   
   ```javascript without SDK
   // Example: Initiating Xero OAuth with white-label
   const authUrl = `https://api.klavis.ai/oauth/xero/authorize?instance_id=${instanceId}&client_id=${yourClientId}`;
   window.location.href = authUrl;
   ```
   
   ```typescript TypeScript SDK
   import { Klavis } from "@klavis/sdk";
   
   const klavis = new Klavis({
     apiKey: "YOUR_API_KEY"
   });
   
   // Example: Initiating Xero OAuth with white-label
   const oauthUrl = await klavis.mcpServer.getOAuthUrl({
     serverName: Klavis.McpServerName.Xero,
     instanceId: instanceId,
     clientId: yourClientId,
     // redirectUri: YOUR_REDIRECT_URI,
     // scope: "YOUR_SCOPES", 
   });
   
   window.location.href = oauthUrl;
   ```
   
   ```python Python SDK
   import webbrowser
   from klavis import Klavis
   from klavis.types import McpServerName
   
   klavis = Klavis(api_key="YOUR_API_KEY")
   
   # Example: Initiating Xero OAuth with white-label
   oauth_url = klavis.mcp_server.get_oauth_url(
       server_name=McpServerName.XERO,
       instance_id=instance_id,
       client_id=your_client_id,
       # redirect_uri="YOUR_REDIRECT_URI",
       # scope="YOUR_SCOPES"
   )
   
   # Open OAuth URL in user's default browser
   webbrowser.open(oauth_url)
   ```
   
   </CodeGroup>

<Tip>
For detailed white labeling implementation and code examples, see our [OAuth & White Labeling guide](/auth/white-label).
</Tip>

## Resources
- [Xero Developer Documentation](https://developer.xero.com/)
- [Xero OAuth 2.0 Authentication Guide](https://developer.xero.com/guides/oauth2/overview/)
- [Klavis OAuth & White Labeling Guide](/auth/white-label)
- [Klavis White Label Dashboard](https://www.klavis.ai/home/white-label)
- [Xero API Scopes Reference](https://developer.xero.com/guides/oauth2/scopes/)
- [Xero OAuth Limits for Uncertified Apps](https://developer.xero.com/guides/oauth2/limits/)